1. Field of the Invention
Embodiments of the present invention relate to computer system software. More specifically, embodiments of the present invention relate to methods and systems for protecting information in a computer system.
2. Related Art
Preventing unauthorized access to sensitive information stored on networked computer systems is of paramount interest to users and network administrators. Mechanisms such as password protection and encryption provide some level of security; however, even with these mechanisms in place, sensitive information remains vulnerable.
Consider the use of passwords, for example. As part of a typical login, a query process is initiated in which the user's password is entered. In general, the password is held temporarily in a buffer (e.g., in the login program's memory) until it is hashed or otherwise encrypted and then compared against a name service database (e.g., an Active Directory, a Lightweight Directory Access Protocol database, or the like) for authentication. Although its time in the buffer may be short, the password is exposed to unauthorized access during that time. If subsequent network delays impede the hashing of the password and/or its forwarding to the name service database, the window of opportunity for unauthorized access is widened. In addition, while the use of a password may hinder external attacks on information security, attacks may also originate internally. To a savvy internal user, or to a privileged user on the system such as a network administrator with root access (a "root user") who can read the memory of a running process, the contents of that buffer may be readily available.
A common form of attack against a hashed (or, in the terminology above, encrypted) password is the "dictionary attack." The attacker uses a database of words, names, dates, etc., that constitute the "dictionary." Each entry in the dictionary is hashed with the same function the system used and compared against the stored hash; a match reveals the password. This type of attack is unfortunately very efficient because many people select passwords that are readily guessed, and when the stored hash is unsalted the hashed dictionary can be computed once and reused against every stored password. When passwords are stored in the clear, the same guessing works with the hashing step omitted.
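The attack described above, carried through in Python as an added example that is not part of the original text: each dictionary entry is hashed with the same function as the stored credential and compared entry by entry. The wordlist, the stored digest and the per-user salt are constructed for the example; the salted, slow variant goes beyond the text to show why an unsalted hash lets the hashed dictionary be precomputed and reused, and why a salted slow derivation forces the attacker to start over for every user.

```python
import hashlib
import hmac

# Constructed sample data (not from the original text): a tiny dictionary of
# common password choices and one credential stored as an unsalted SHA-256 digest.
WORDLIST = ["letmein", "password", "Summer2003", "admin123", "qwerty"]
STORED_SHA256 = hashlib.sha256(b"Summer2003").hexdigest()


def sha256_hex(candidate):
    """Unsalted hash, standing in for whatever one-way function the system used."""
    return hashlib.sha256(candidate).hexdigest()


def pbkdf2_hex(candidate, salt, rounds=100_000):
    """Salted, deliberately slow derivation: every guess costs `rounds` HMACs."""
    return hashlib.pbkdf2_hmac("sha256", candidate, salt, rounds).hex()


def dictionary_attack(stored_hash, wordlist, hash_fn):
    """Hash each dictionary entry with hash_fn and compare it to stored_hash.

    Returns the first matching entry, or None if the dictionary is exhausted.
    The attacker must apply the same function the system did; the digest
    format or the login program's source usually gives that away.
    """
    for word in wordlist:
        if hmac.compare_digest(hash_fn(word.encode()), stored_hash):
            return word
    return None


def build_table(wordlist, hash_fn):
    """Precompute digest -> word once; reusable against every unsalted record."""
    return {hash_fn(w.encode()): w for w in wordlist}


def plaintext_guess(stored_plain, wordlist):
    """The same attack when the store is in the clear: no hashing step at all."""
    return next((w for w in wordlist if w == stored_plain), None)


def demo():
    """Run the attack against an unsalted record and against a salted, slow one."""
    salt = b"constructed-per-user-salt"           # assumed: one salt per user
    table = build_table(WORDLIST, sha256_hex)

    unsalted_hit = table.get(STORED_SHA256)        # a single table lookup
    salted_record = pbkdf2_hex(b"Summer2003", salt)
    table_miss = table.get(salted_record)          # precomputed table is useless
    salted_hit = dictionary_attack(salted_record, WORDLIST,
                                   lambda c: pbkdf2_hex(c, salt))
    return {"unsalted_hit": unsalted_hit, "table_miss": table_miss,
            "salted_hit": salted_hit,
            "plain_hit": plaintext_guess("Summer2003", WORDLIST)}
```

demo() finds "Summer2003" in all three stores. The difference is cost: the unsalted record falls to one lookup in a table built once for all users, while the salted record costs one full PBKDF2 derivation per guess per user, which is why weak choices remain the deciding factor either way.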
Thus, while passwords provide a degree of protection in the prior art, the level of protection provided by passwords may be readily surmounted.
Other types of sensitive information, such as database entries, may also be vulnerable to unauthorized access while being manipulated by an executing program. Oftentimes, the information is not encrypted, or it may remain in the clear for a protracted period of time prior to encryption. During these times, the information may be accessible to unauthorized persons, including privileged users.
Sensitive information may also become accessible in the event of a core dump that occurs as a result of some type of failure (e.g., the program crashes or the computer system "locks up"). A typical operating system will create a core file (image) that captures the memory of the executing program at the time of the failure, provided that the process's core-file size limit and the write permissions on its working directory allow it. Because the core file is an image of the program's memory, any password or other sensitive data held in a buffer at that moment is written to disk in the clear. A computer-savvy individual with read access to the core file can then recover that information. Also, a privileged user on the system may purposely trigger a failure (e.g., by sending the process a signal whose default action is to dump core), with the intent of forcing the creation of a core file in order to access the sensitive information it might contain.
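The two exposures above, the plaintext sitting in the login program's buffer (the password example earlier in this section) and the core file that would carry that buffer to disk, addressed together in Python as an added example that is not part of the original text. It assumes a login routine that receives the password in a mutable bytearray, a constructed per-user salt and stored hash, and the Unix resource module for the core-file limit; the wipe is best-effort in an interpreted language, as the note after the code explains.

```python
import hashlib
import hmac

try:
    import resource            # Unix only
except ImportError:            # e.g. Windows: no core-file limit to adjust here
    resource = None

ROUNDS = 50_000


def disable_core_dumps():
    """Set this process's soft core-file size limit to zero.

    Lowering the soft limit needs no privilege and is inherited by children.
    Returns the resulting (soft, hard) pair, or None if it could not be set.
    """
    if resource is None:
        return None
    try:
        _, hard = resource.getrlimit(resource.RLIMIT_CORE)
        resource.setrlimit(resource.RLIMIT_CORE, (0, hard))
        return resource.getrlimit(resource.RLIMIT_CORE)
    except (ValueError, OSError):
        return None


def wipe(buf):
    """Overwrite a mutable buffer in place. A bytearray is the string-like
    type that can actually be cleared rather than merely dereferenced."""
    for i in range(len(buf)):
        buf[i] = 0


def make_stored_hash(password, salt):
    """What the name service keeps: a salted, slow derivation, never the password."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, ROUNDS)


def authenticate(password_buf, salt, stored_hash):
    """Derive the hash straight from the caller's bytearray, then wipe it.

    The plaintext exists only for the duration of the derivation, and the
    wipe runs even if the derivation raises. pbkdf2_hmac accepts any
    bytes-like object, so no immutable copy of the password is made here.
    """
    try:
        digest = hashlib.pbkdf2_hmac("sha256", password_buf, salt, ROUNDS)
    finally:
        wipe(password_buf)
    return hmac.compare_digest(digest, stored_hash)


def demo():
    """Constructed login: fill the buffer, refuse dumps, verify, check the wipe."""
    salt = b"constructed-per-user-salt"          # assumed per-user salt
    stored = make_stored_hash(b"Summer2003", salt)
    buf = bytearray(b"Summer2003")               # stands in for the terminal read
    limits = disable_core_dumps()                # before the secret is handled
    ok = authenticate(buf, salt, stored)
    return {"authenticated": ok,
            "buffer_wiped": bytes(buf) == b"\x00" * len(buf),
            "core_limit_soft": None if limits is None else limits[0]}
```

Run demo() on Unix and the soft RLIMIT_CORE limit of the process is 0, the comparison succeeds and the buffer reads as all zero bytes afterwards. The buffer must be filled from a bytes-producing source (for instance sys.stdin.buffer.readinto on a bytearray); getpass and input() return immutable str objects that cannot be wiped, and CPython may keep transient copies the program never sees. A native login program would use explicit_bzero or memset_s for the wipe and call setrlimit directly; the structure is the same: refuse core dumps before the secret arrives, hash immediately, and wipe in a finally clause so the window the text describes is as short as the derivation itself.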
To summarize, there are many times when a program will access and manipulate sensitive information (passwords, database entries and the like). During these times, the information is vulnerable to access by unauthorized persons (including privileged users). Furthermore, program errors, malicious or otherwise, may allow the information to become accessible to unauthorized persons.